netudima commented on code in PR #3655:
URL: https://github.com/apache/cassandra/pull/3655#discussion_r1860359338
##########
src/java/org/apache/cassandra/transport/CQLMessageHandler.java:
##########
@@ -518,10 +533,23 @@ protected boolean
processFirstFrameOfLargeMessage(IntactFrame frame, Limit endpo
// max CQL message size defaults to 256mb, so should be safe to
downcast
int messageSize = Ints.checkedCast(header.bodySizeInBytes);
receivedBytes += buf.remaining();
+
+ if (authMessageTooBig(messageSize))
Review Comment:
Here we may have a security issue: the connection state machine which
checks what request types are valid currently is within ServerConnection, so a
malicious user can send a request with a type != STARTUP, CREDENTIALS, OPTIONS,
AUTH_RESPONSE (for example BATCH) to bypass this size protection, in other
words we cannot rely on an input from network such as request type to decide if
a size check is needed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
